README.md in quo_vadis-2.2.2 vs README.md in quo_vadis-2.2.4

- old
+ new

@@ -10,10 +10,11 @@ ## Features ### General features - Works with any model, e.g. `User` or `Person`. +- Works with multiple models, e.g. `User` and `Admin`. - Works with any identifier, e.g. `:username` or `:email`. - Minimal footprint in your models and controllers. - Does not touch your existing database tables. - Secrets (password, TOTP secret, 2FA recovery codes) are encrypted at rest. @@ -29,11 +30,15 @@ - Session replaced after any privilege change. - View active sessions, log out of any of them. - Email-notifications of updates to authentication details. - Audit trail. +### Testing +- Can shortcut logging in for speedier tests. + + ## Installation Add the gem to your Gemfile: ```ruby @@ -130,10 +135,27 @@ Call this to find out whether a user has authenticated with a password. Available in controllers and views. +### Routes + +You can use routing constraints to restrict routes to logged-in or logged-out users. For example: + +```ruby +Rails.application.routes.draw do + constraints(QuoVadis::Constraints::LoggedOut) do + root "pages#index" + end + + constraints(QuoVadis::Constraints::LoggedIn) do + root "dashboard#show", as: :dashboard + end +end +``` + + ### Views You can use `authenticated_model` and `logged_in?` in your views. For example: ```erb @@ -380,9 +402,25 @@ ### Revocation You can revoke a user's access by calling `#revoke_authentication_credentials` on the model instance. This deletes the user's password, TOTP credential, recovery codes, and active sessions. Their authentication logs, or audit trail, are preserved. + + +## Shortcut logging in for functional, integration, and system tests + +Instead of going through your login page to log in before every test, you can tell QuoVadis which model to authenticate as when visiting the first URL in your test. + +Use a `login` param pointing to your model's global ID. Note that the model must be able to log in normally, i.e. it must have a password (and therefore a `qv_account`). + +For example: + +```ruby +@user = User.create(email: '...', password: '...') +visit dashboard_path(login: @user.to_global_id) +``` + +This only works in the test environment. ## Configuration This is QuoVadis' [default configuration](https://github.com/airblade/quo_vadis/blob/master/lib/quo_vadis/defaults.rb):